1*f447f37aSriastradh
2*f447f37aSriastradh #define TEST_NAME "pwhash_argon2id"
3*f447f37aSriastradh #include "cmptest.h"
4*f447f37aSriastradh
5*f447f37aSriastradh #define OUT_LEN 128
6*f447f37aSriastradh #define OPSLIMIT 3
7*f447f37aSriastradh #define MEMLIMIT 5000000
8*f447f37aSriastradh
9*f447f37aSriastradh static void
tv(void)10*f447f37aSriastradh tv(void)
11*f447f37aSriastradh {
12*f447f37aSriastradh static struct {
13*f447f37aSriastradh const char * passwd_hex;
14*f447f37aSriastradh size_t passwd_len;
15*f447f37aSriastradh const char * salt_hex;
16*f447f37aSriastradh size_t outlen;
17*f447f37aSriastradh unsigned long long opslimit;
18*f447f37aSriastradh size_t memlimit;
19*f447f37aSriastradh unsigned int lanes;
20*f447f37aSriastradh } tests[] = {
21*f447f37aSriastradh { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
22*f447f37aSriastradh "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
23*f447f37aSriastradh "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
24*f447f37aSriastradh "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
25*f447f37aSriastradh 127,
26*f447f37aSriastradh "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
27*f447f37aSriastradh 155, 5, 7256678, 1 },
28*f447f37aSriastradh { "e125cee61c8cb7778d9e5ad0a6f5d978ce9f84de213a8556d9ffe202020ab4a6ed"
29*f447f37aSriastradh "9074a4eb3416f9b168f137510f3a30b70b96cbfa219ff99f6c6eaffb15c06b60e0"
30*f447f37aSriastradh "0cc2890277f0fd3c622115772f7048adaebed86e",
31*f447f37aSriastradh 86,
32*f447f37aSriastradh "f1192dd5dc2368b9cd421338b22433455ee0a3699f9379a08b9650ea2c126f0d",
33*f447f37aSriastradh 250, 4, 7849083, 1 },
34*f447f37aSriastradh { "92263cbf6ac376499f68a4289d3bb59e5a22335eba63a32e6410249155b956b6a3"
35*f447f37aSriastradh "b48d4a44906b18b897127300b375b8f834f1ceffc70880a885f47c33876717e392"
36*f447f37aSriastradh "be57f7da3ae58da4fd1f43daa7e44bb82d3717af4319349c24cd31e46d295856b0"
37*f447f37aSriastradh "441b6b289992a11ced1cc3bf3011604590244a3eb737ff221129215e4e4347f491"
38*f447f37aSriastradh "5d41292b5173d196eb9add693be5319fdadc242906178bb6c0286c9b6ca6012746"
39*f447f37aSriastradh "711f58c8c392016b2fdfc09c64f0f6b6ab7b",
40*f447f37aSriastradh 183,
41*f447f37aSriastradh "3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff194",
42*f447f37aSriastradh 249, 3, 7994791, 1 },
43*f447f37aSriastradh { "027b6d8e8c8c474e9b69c7d9ed4f9971e8e1ce2f6ba95048414c3970f0f09b70e3"
44*f447f37aSriastradh "b6c5ae05872b3d8678705b7d381829c351a5a9c88c233569b35d6b0b809df44b64"
45*f447f37aSriastradh "51a9c273f1150e2ef8a0b5437eb701e373474cd44b97ef0248ebce2ca0400e1b53"
46*f447f37aSriastradh "f3d86221eca3f18eb45b702b9172440f774a82cbf1f6f525df30a6e293c873cce6"
47*f447f37aSriastradh "9bb078ed1f0d31e7f9b8062409f37f19f8550aae",
48*f447f37aSriastradh 152,
49*f447f37aSriastradh "eb2a3056a09ad2d7d7f975bcd707598f24cd32518cde3069f2e403b34bfee8a5", 5,
50*f447f37aSriastradh 4, 1397645, 1 },
51*f447f37aSriastradh { "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b82"
52*f447f37aSriastradh "ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc097d"
53*f447f37aSriastradh "43ced68642bfb8bbbdd0f50b30118f5e",
54*f447f37aSriastradh 82,
55*f447f37aSriastradh "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
56*f447f37aSriastradh 190, 3, 1432947, 1 },
57*f447f37aSriastradh { "c7b09aec680e7b42fedd7fc792e78b2f6c1bea8f4a884320b648f81e8cf515e8ba"
58*f447f37aSriastradh "9dcfb11d43c4aae114c1734aa69ca82d44998365db9c93744fa28b63fd16000e82"
59*f447f37aSriastradh "61cbbe083e7e2da1e5f696bde0834fe53146d7e0e35e7de9920d041f5a5621aabe"
60*f447f37aSriastradh "02da3e2b09b405b77937efef3197bd5772e41fdb73fb5294478e45208063b5f58e"
61*f447f37aSriastradh "089dbeb6d6342a909c1307b3fff5fe2cf4da56bdae50848f",
62*f447f37aSriastradh 156,
63*f447f37aSriastradh "039c056d933b475032777edbaffac50f143f64c123329ed9cf59e3b65d3f43b6",
64*f447f37aSriastradh 178, 3, 4886999, 1 },
65*f447f37aSriastradh { "b540beb016a5366524d4605156493f9874514a5aa58818cd0c6dfffaa9e90205f1"
66*f447f37aSriastradh "7b",
67*f447f37aSriastradh 34,
68*f447f37aSriastradh "44071f6d181561670bda728d43fb79b443bb805afdebaf98622b5165e01b15fb",
69*f447f37aSriastradh 231, 1, 1631659, 1 },
70*f447f37aSriastradh { "a14975c26c088755a8b715ff2528d647cd343987fcf4aa25e7194a8417fb2b4b3f"
71*f447f37aSriastradh "7268da9f3182b4cfb22d138b2749d673a47ecc7525dd15a0a3c66046971784bb63"
72*f447f37aSriastradh "d7eae24cc84f2631712075a10e10a96b0e0ee67c43e01c423cb9c44e5371017e9c"
73*f447f37aSriastradh "496956b632158da3fe12addecb88912e6759bc37f9af2f45af72c5cae3b179ffb6"
74*f447f37aSriastradh "76a697de6ebe45cd4c16d4a9d642d29ddc0186a0a48cb6cd62bfc3dd229d313b30"
75*f447f37aSriastradh "1560971e740e2cf1f99a9a090a5b283f35475057e96d7064e2e0fc81984591068d"
76*f447f37aSriastradh "55a3b4169f22cccb0745a2689407ea1901a0a766eb99",
77*f447f37aSriastradh 220,
78*f447f37aSriastradh "3d968b2752b8838431165059319f3ff8910b7b8ecb54ea01d3f54769e9d98daf",
79*f447f37aSriastradh 167, 3, 1784128, 1 },
80*f447f37aSriastradh };
81*f447f37aSriastradh char passwd[256];
82*f447f37aSriastradh unsigned char salt[crypto_pwhash_SALTBYTES];
83*f447f37aSriastradh unsigned char out[256];
84*f447f37aSriastradh char out_hex[256 * 2 + 1];
85*f447f37aSriastradh size_t i = 0U;
86*f447f37aSriastradh
87*f447f37aSriastradh do {
88*f447f37aSriastradh sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
89*f447f37aSriastradh tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
90*f447f37aSriastradh NULL, NULL);
91*f447f37aSriastradh sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
92*f447f37aSriastradh strlen(tests[i].salt_hex), NULL, NULL, NULL);
93*f447f37aSriastradh if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
94*f447f37aSriastradh tests[i].passwd_len, (const unsigned char *) salt,
95*f447f37aSriastradh tests[i].opslimit, tests[i].memlimit,
96*f447f37aSriastradh crypto_pwhash_alg_default()) != 0) {
97*f447f37aSriastradh printf("[tv] pwhash failure (maybe intentional): [%u]\n",
98*f447f37aSriastradh (unsigned int) i);
99*f447f37aSriastradh continue;
100*f447f37aSriastradh }
101*f447f37aSriastradh sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
102*f447f37aSriastradh printf("%s\n", out_hex);
103*f447f37aSriastradh } while (++i < (sizeof tests) / (sizeof tests[0]));
104*f447f37aSriastradh }
105*f447f37aSriastradh
106*f447f37aSriastradh static void
tv2(void)107*f447f37aSriastradh tv2(void)
108*f447f37aSriastradh {
109*f447f37aSriastradh static struct {
110*f447f37aSriastradh const char * passwd_hex;
111*f447f37aSriastradh size_t passwd_len;
112*f447f37aSriastradh const char * salt_hex;
113*f447f37aSriastradh size_t outlen;
114*f447f37aSriastradh unsigned long long opslimit;
115*f447f37aSriastradh size_t memlimit;
116*f447f37aSriastradh unsigned int lanes;
117*f447f37aSriastradh } tests[] = {
118*f447f37aSriastradh { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
119*f447f37aSriastradh "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
120*f447f37aSriastradh "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
121*f447f37aSriastradh "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
122*f447f37aSriastradh 127,
123*f447f37aSriastradh "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
124*f447f37aSriastradh 155, 4, 397645, 1 },
125*f447f37aSriastradh { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
126*f447f37aSriastradh "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
127*f447f37aSriastradh "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
128*f447f37aSriastradh "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
129*f447f37aSriastradh 127,
130*f447f37aSriastradh "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
131*f447f37aSriastradh 155, 3, 397645, 1 },
132*f447f37aSriastradh };
133*f447f37aSriastradh char passwd[256];
134*f447f37aSriastradh unsigned char salt[crypto_pwhash_SALTBYTES];
135*f447f37aSriastradh unsigned char out[256];
136*f447f37aSriastradh char out_hex[256 * 2 + 1];
137*f447f37aSriastradh size_t i = 0U;
138*f447f37aSriastradh
139*f447f37aSriastradh do {
140*f447f37aSriastradh sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
141*f447f37aSriastradh tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
142*f447f37aSriastradh NULL, NULL);
143*f447f37aSriastradh sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
144*f447f37aSriastradh strlen(tests[i].salt_hex), NULL, NULL, NULL);
145*f447f37aSriastradh if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
146*f447f37aSriastradh tests[i].passwd_len, (const unsigned char *) salt,
147*f447f37aSriastradh tests[i].opslimit, tests[i].memlimit,
148*f447f37aSriastradh crypto_pwhash_alg_default()) != 0) {
149*f447f37aSriastradh printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i);
150*f447f37aSriastradh continue;
151*f447f37aSriastradh }
152*f447f37aSriastradh sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
153*f447f37aSriastradh printf("%s\n", out_hex);
154*f447f37aSriastradh } while (++i < (sizeof tests) / (sizeof tests[0]));
155*f447f37aSriastradh
156*f447f37aSriastradh if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
157*f447f37aSriastradh 1ULL << 12, 0) != -1) {
158*f447f37aSriastradh printf("[tv2] pwhash should have failed (0)\n");
159*f447f37aSriastradh }
160*f447f37aSriastradh if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
161*f447f37aSriastradh 1, crypto_pwhash_argon2id_alg_argon2id13()) != -1) {
162*f447f37aSriastradh printf("[tv2] pwhash should have failed (1)\n");
163*f447f37aSriastradh }
164*f447f37aSriastradh if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3,
165*f447f37aSriastradh 1ULL << 12, crypto_pwhash_argon2id_alg_argon2id13()) != -1) {
166*f447f37aSriastradh printf("[tv2] pwhash should have failed (2)\n");
167*f447f37aSriastradh }
168*f447f37aSriastradh if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 2,
169*f447f37aSriastradh 1ULL << 12, crypto_pwhash_argon2id_alg_argon2id13()) != -1) {
170*f447f37aSriastradh printf("[tv2] pwhash should have failed (3)\n");
171*f447f37aSriastradh }
172*f447f37aSriastradh if (crypto_pwhash_argon2id(out, 15, "password", strlen("password"), salt, 3,
173*f447f37aSriastradh 1ULL << 12, crypto_pwhash_argon2id_alg_argon2id13()) != -1) {
174*f447f37aSriastradh printf("[tv2] pwhash with a short output length should have failed\n");
175*f447f37aSriastradh }
176*f447f37aSriastradh if (crypto_pwhash_argon2id(out, sizeof out, "password", 0x100000000ULL, salt, 3,
177*f447f37aSriastradh 1ULL << 12, crypto_pwhash_argon2id_alg_argon2id13()) != -1) {
178*f447f37aSriastradh printf("[tv2] pwhash with a long password length should have failed\n");
179*f447f37aSriastradh }
180*f447f37aSriastradh assert(crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt,
181*f447f37aSriastradh OPSLIMIT, MEMLIMIT, crypto_pwhash_alg_argon2i13()) == -1);
182*f447f37aSriastradh }
183*f447f37aSriastradh
184*f447f37aSriastradh static void
tv3(void)185*f447f37aSriastradh tv3(void)
186*f447f37aSriastradh {
187*f447f37aSriastradh static struct {
188*f447f37aSriastradh const char *passwd;
189*f447f37aSriastradh const char *out;
190*f447f37aSriastradh } tests[] = {
191*f447f37aSriastradh { "",
192*f447f37aSriastradh "$argon2id$v=19$m=4096,t=0,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
193*f447f37aSriastradh { "",
194*f447f37aSriastradh "$argon2id$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
195*f447f37aSriastradh { "",
196*f447f37aSriastradh "$argon2id$v=19$m=4882,t=2,p=1$bA81arsiXysd3WbTRzmEOw$Nm8QBM+7RH1DXo9rvp5cwKEOOOfD2g6JuxlXihoNcpE" },
197*f447f37aSriastradh { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
198*f447f37aSriastradh "$argon2id$v=19$m=4096,t=0,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
199*f447f37aSriastradh { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
200*f447f37aSriastradh "$argon2id$v=19$m=4096,t=19,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
201*f447f37aSriastradh { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*",
202*f447f37aSriastradh "$argon2id$v=19$m=4096,t=1,p=3$PkEgcHJldHR5IGxvbmcgc2FsdA$HUqx5Z1b/ZypnUrvvJ5UC2Q+T6Q1WwASK/Kr9dRbGA0" }
203*f447f37aSriastradh };
204*f447f37aSriastradh char *out;
205*f447f37aSriastradh char *passwd;
206*f447f37aSriastradh size_t i = 0U;
207*f447f37aSriastradh
208*f447f37aSriastradh do {
209*f447f37aSriastradh out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
210*f447f37aSriastradh assert(out != NULL);
211*f447f37aSriastradh memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
212*f447f37aSriastradh passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
213*f447f37aSriastradh assert(passwd != NULL);
214*f447f37aSriastradh memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
215*f447f37aSriastradh if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) {
216*f447f37aSriastradh printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n",
217*f447f37aSriastradh (unsigned int) i);
218*f447f37aSriastradh continue;
219*f447f37aSriastradh }
220*f447f37aSriastradh sodium_free(out);
221*f447f37aSriastradh sodium_free(passwd);
222*f447f37aSriastradh } while (++i < (sizeof tests) / (sizeof tests[0]));
223*f447f37aSriastradh }
224*f447f37aSriastradh
225*f447f37aSriastradh static void
str_tests(void)226*f447f37aSriastradh str_tests(void)
227*f447f37aSriastradh {
228*f447f37aSriastradh char *str_out;
229*f447f37aSriastradh char *str_out2;
230*f447f37aSriastradh char *salt;
231*f447f37aSriastradh const char *passwd = "Correct Horse Battery Staple";
232*f447f37aSriastradh
233*f447f37aSriastradh
234*f447f37aSriastradh salt = (char *) sodium_malloc(crypto_pwhash_argon2id_SALTBYTES);
235*f447f37aSriastradh str_out = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES);
236*f447f37aSriastradh str_out2 = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES);
237*f447f37aSriastradh memcpy(salt, ">A 16-bytes salt", crypto_pwhash_argon2id_SALTBYTES);
238*f447f37aSriastradh if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT,
239*f447f37aSriastradh MEMLIMIT) != 0) {
240*f447f37aSriastradh printf("pwhash_str failure\n");
241*f447f37aSriastradh }
242*f447f37aSriastradh if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
243*f447f37aSriastradh MEMLIMIT) != 0) {
244*f447f37aSriastradh printf("pwhash_str(2) failure\n");
245*f447f37aSriastradh }
246*f447f37aSriastradh if (strcmp(str_out, str_out2) == 0) {
247*f447f37aSriastradh printf("pwhash_str() doesn't generate different salts\n");
248*f447f37aSriastradh }
249*f447f37aSriastradh if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0 ||
250*f447f37aSriastradh crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) {
251*f447f37aSriastradh printf("needs_rehash() false positive\n");
252*f447f37aSriastradh }
253*f447f37aSriastradh if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
254*f447f37aSriastradh crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 ||
255*f447f37aSriastradh crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
256*f447f37aSriastradh crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) {
257*f447f37aSriastradh printf("needs_rehash() false negative (0)\n");
258*f447f37aSriastradh }
259*f447f37aSriastradh if (crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
260*f447f37aSriastradh crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 ||
261*f447f37aSriastradh crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
262*f447f37aSriastradh crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) {
263*f447f37aSriastradh printf("needs_rehash() false negative (1)\n");
264*f447f37aSriastradh }
265*f447f37aSriastradh if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != -1 ||
266*f447f37aSriastradh crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != -1 ||
267*f447f37aSriastradh crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != -1 ||
268*f447f37aSriastradh crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != -1) {
269*f447f37aSriastradh printf("needs_rehash() false negative (2)\n");
270*f447f37aSriastradh }
271*f447f37aSriastradh if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1) {
272*f447f37aSriastradh printf("pwhash_str_needs_rehash() didn't handle argon2id\n");
273*f447f37aSriastradh }
274*f447f37aSriastradh if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 ||
275*f447f37aSriastradh crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
276*f447f37aSriastradh printf("needs_rehash() didn't fail with an invalid hash string\n");
277*f447f37aSriastradh }
278*f447f37aSriastradh if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
279*f447f37aSriastradh crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
280*f447f37aSriastradh sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
281*f447f37aSriastradh crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
282*f447f37aSriastradh printf("pwhash_argon2id_str() doesn't properly pad with zeros\n");
283*f447f37aSriastradh }
284*f447f37aSriastradh if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) {
285*f447f37aSriastradh printf("pwhash_argon2id_str_verify(1) failure\n");
286*f447f37aSriastradh }
287*f447f37aSriastradh if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
288*f447f37aSriastradh printf("pwhash_str_verify(1') failure\n");
289*f447f37aSriastradh }
290*f447f37aSriastradh str_out[14]++;
291*f447f37aSriastradh if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) {
292*f447f37aSriastradh printf("pwhash_argon2id_str_verify(2) failure\n");
293*f447f37aSriastradh }
294*f447f37aSriastradh str_out[14]--;
295*f447f37aSriastradh assert(str_out[crypto_pwhash_argon2id_STRBYTES - 1U] == 0);
296*f447f37aSriastradh
297*f447f37aSriastradh if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT,
298*f447f37aSriastradh MEMLIMIT) != -1) {
299*f447f37aSriastradh printf("pwhash_str() with a large password should have failed\n");
300*f447f37aSriastradh }
301*f447f37aSriastradh if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 0) {
302*f447f37aSriastradh printf("pwhash_str() with a small opslimit should not have failed\n");
303*f447f37aSriastradh }
304*f447f37aSriastradh if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) {
305*f447f37aSriastradh printf("pwhash_argon2id_str() with a null opslimit should have failed\n");
306*f447f37aSriastradh }
307*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
308*f447f37aSriastradh "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
309*f447f37aSriastradh "password", 0x100000000ULL) != -1) {
310*f447f37aSriastradh printf("pwhash_str_verify(invalid(0)) failure\n");
311*f447f37aSriastradh }
312*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ"
313*f447f37aSriastradh "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
314*f447f37aSriastradh "password", strlen("password")) != -1) {
315*f447f37aSriastradh printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
316*f447f37aSriastradh }
317*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ"
318*f447f37aSriastradh "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
319*f447f37aSriastradh "password", strlen("password")) != -1) {
320*f447f37aSriastradh printf("pwhash_str_verify(invalid(2)) failure\n");
321*f447f37aSriastradh }
322*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ"
323*f447f37aSriastradh "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
324*f447f37aSriastradh "password", strlen("password")) != -1) {
325*f447f37aSriastradh printf("pwhash_str_verify(invalid(3)) failure\n");
326*f447f37aSriastradh }
327*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
328*f447f37aSriastradh "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
329*f447f37aSriastradh "password", strlen("password")) != -1) {
330*f447f37aSriastradh printf("pwhash_str_verify(invalid(4)) failure\n");
331*f447f37aSriastradh }
332*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
333*f447f37aSriastradh "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
334*f447f37aSriastradh "password", strlen("password")) != -1) {
335*f447f37aSriastradh printf("pwhash_str_verify(invalid(5)) failure\n");
336*f447f37aSriastradh }
337*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
338*f447f37aSriastradh "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
339*f447f37aSriastradh "password", strlen("password")) != -1) {
340*f447f37aSriastradh printf("pwhash_str_verify(invalid(6)) failure\n");
341*f447f37aSriastradh }
342*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
343*f447f37aSriastradh "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
344*f447f37aSriastradh "password", strlen("password")) != 0) {
345*f447f37aSriastradh printf("pwhash_str_verify(valid(7)) failure\n");
346*f447f37aSriastradh }
347*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
348*f447f37aSriastradh "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
349*f447f37aSriastradh "passwore", strlen("passwore")) != -1 || errno != EINVAL) {
350*f447f37aSriastradh printf("pwhash_str_verify(invalid(7)) failure\n");
351*f447f37aSriastradh }
352*f447f37aSriastradh if (crypto_pwhash_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
353*f447f37aSriastradh "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
354*f447f37aSriastradh "password", strlen("password")) != -1 || errno != EINVAL) {
355*f447f37aSriastradh printf("pwhash_str_verify(invalid(8)) failure\n");
356*f447f37aSriastradh }
357*f447f37aSriastradh if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc"
358*f447f37aSriastradh "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
359*f447f37aSriastradh "password", strlen("password")) != -1 || errno != EINVAL) {
360*f447f37aSriastradh printf("pwhash_str_verify(invalid(9)) failure\n");
361*f447f37aSriastradh }
362*f447f37aSriastradh assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
363*f447f37aSriastradh crypto_pwhash_ALG_ARGON2ID13) == 0);
364*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0);
365*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
366*f447f37aSriastradh OPSLIMIT, MEMLIMIT) == 0);
367*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
368*f447f37aSriastradh OPSLIMIT / 2, MEMLIMIT) == 1);
369*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
370*f447f37aSriastradh OPSLIMIT, MEMLIMIT / 2) == 1);
371*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1);
372*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
373*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1,
374*f447f37aSriastradh OPSLIMIT, MEMLIMIT) == -1);
375*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
376*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
377*f447f37aSriastradh assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
378*f447f37aSriastradh crypto_pwhash_ALG_ARGON2I13) == 0);
379*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0);
380*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
381*f447f37aSriastradh OPSLIMIT, MEMLIMIT) == 0);
382*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
383*f447f37aSriastradh OPSLIMIT / 2, MEMLIMIT) == 1);
384*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
385*f447f37aSriastradh OPSLIMIT, MEMLIMIT / 2) == 1);
386*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1);
387*f447f37aSriastradh assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
388*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
389*f447f37aSriastradh assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1,
390*f447f37aSriastradh OPSLIMIT, MEMLIMIT) == -1);
391*f447f37aSriastradh sodium_free(salt);
392*f447f37aSriastradh sodium_free(str_out);
393*f447f37aSriastradh sodium_free(str_out2);
394*f447f37aSriastradh }
395*f447f37aSriastradh
396*f447f37aSriastradh int
main(void)397*f447f37aSriastradh main(void)
398*f447f37aSriastradh {
399*f447f37aSriastradh tv();
400*f447f37aSriastradh tv2();
401*f447f37aSriastradh tv3();
402*f447f37aSriastradh str_tests();
403*f447f37aSriastradh
404*f447f37aSriastradh assert(crypto_pwhash_bytes_min() > 0U);
405*f447f37aSriastradh assert(crypto_pwhash_bytes_max() > crypto_pwhash_bytes_min());
406*f447f37aSriastradh assert(crypto_pwhash_passwd_max() > crypto_pwhash_passwd_min());
407*f447f37aSriastradh assert(crypto_pwhash_saltbytes() > 0U);
408*f447f37aSriastradh assert(crypto_pwhash_strbytes() > 1U);
409*f447f37aSriastradh assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix()));
410*f447f37aSriastradh
411*f447f37aSriastradh assert(crypto_pwhash_opslimit_min() > 0U);
412*f447f37aSriastradh assert(crypto_pwhash_opslimit_max() > 0U);
413*f447f37aSriastradh assert(crypto_pwhash_memlimit_min() > 0U);
414*f447f37aSriastradh assert(crypto_pwhash_memlimit_max() > 0U);
415*f447f37aSriastradh assert(crypto_pwhash_opslimit_interactive() > 0U);
416*f447f37aSriastradh assert(crypto_pwhash_memlimit_interactive() > 0U);
417*f447f37aSriastradh assert(crypto_pwhash_opslimit_moderate() > 0U);
418*f447f37aSriastradh assert(crypto_pwhash_memlimit_moderate() > 0U);
419*f447f37aSriastradh assert(crypto_pwhash_opslimit_sensitive() > 0U);
420*f447f37aSriastradh assert(crypto_pwhash_memlimit_sensitive() > 0U);
421*f447f37aSriastradh assert(strcmp(crypto_pwhash_primitive(), "argon2i") == 0);
422*f447f37aSriastradh
423*f447f37aSriastradh assert(crypto_pwhash_bytes_min() == crypto_pwhash_BYTES_MIN);
424*f447f37aSriastradh assert(crypto_pwhash_bytes_max() == crypto_pwhash_BYTES_MAX);
425*f447f37aSriastradh assert(crypto_pwhash_passwd_min() == crypto_pwhash_PASSWD_MIN);
426*f447f37aSriastradh assert(crypto_pwhash_passwd_max() == crypto_pwhash_PASSWD_MAX);
427*f447f37aSriastradh assert(crypto_pwhash_saltbytes() == crypto_pwhash_SALTBYTES);
428*f447f37aSriastradh assert(crypto_pwhash_strbytes() == crypto_pwhash_STRBYTES);
429*f447f37aSriastradh
430*f447f37aSriastradh assert(crypto_pwhash_opslimit_min() == crypto_pwhash_OPSLIMIT_MIN);
431*f447f37aSriastradh assert(crypto_pwhash_opslimit_max() == crypto_pwhash_OPSLIMIT_MAX);
432*f447f37aSriastradh assert(crypto_pwhash_memlimit_min() == crypto_pwhash_MEMLIMIT_MIN);
433*f447f37aSriastradh assert(crypto_pwhash_memlimit_max() == crypto_pwhash_MEMLIMIT_MAX);
434*f447f37aSriastradh assert(crypto_pwhash_opslimit_interactive() ==
435*f447f37aSriastradh crypto_pwhash_OPSLIMIT_INTERACTIVE);
436*f447f37aSriastradh assert(crypto_pwhash_memlimit_interactive() ==
437*f447f37aSriastradh crypto_pwhash_MEMLIMIT_INTERACTIVE);
438*f447f37aSriastradh assert(crypto_pwhash_opslimit_moderate() ==
439*f447f37aSriastradh crypto_pwhash_OPSLIMIT_MODERATE);
440*f447f37aSriastradh assert(crypto_pwhash_memlimit_moderate() ==
441*f447f37aSriastradh crypto_pwhash_MEMLIMIT_MODERATE);
442*f447f37aSriastradh assert(crypto_pwhash_opslimit_sensitive() ==
443*f447f37aSriastradh crypto_pwhash_OPSLIMIT_SENSITIVE);
444*f447f37aSriastradh assert(crypto_pwhash_memlimit_sensitive() ==
445*f447f37aSriastradh crypto_pwhash_MEMLIMIT_SENSITIVE);
446*f447f37aSriastradh
447*f447f37aSriastradh assert(crypto_pwhash_argon2id_bytes_min() == crypto_pwhash_bytes_min());
448*f447f37aSriastradh assert(crypto_pwhash_argon2id_bytes_max() == crypto_pwhash_bytes_max());
449*f447f37aSriastradh assert(crypto_pwhash_argon2id_passwd_min() == crypto_pwhash_passwd_min());
450*f447f37aSriastradh assert(crypto_pwhash_argon2id_passwd_max() == crypto_pwhash_passwd_max());
451*f447f37aSriastradh assert(crypto_pwhash_argon2id_saltbytes() == crypto_pwhash_saltbytes());
452*f447f37aSriastradh assert(crypto_pwhash_argon2id_strbytes() == crypto_pwhash_strbytes());
453*f447f37aSriastradh assert(strcmp(crypto_pwhash_argon2id_strprefix(),
454*f447f37aSriastradh crypto_pwhash_strprefix()) == 0);
455*f447f37aSriastradh assert(crypto_pwhash_argon2id_opslimit_min() ==
456*f447f37aSriastradh crypto_pwhash_opslimit_min());
457*f447f37aSriastradh assert(crypto_pwhash_argon2id_opslimit_max() ==
458*f447f37aSriastradh crypto_pwhash_opslimit_max());
459*f447f37aSriastradh assert(crypto_pwhash_argon2id_memlimit_min() ==
460*f447f37aSriastradh crypto_pwhash_memlimit_min());
461*f447f37aSriastradh assert(crypto_pwhash_argon2id_memlimit_max() ==
462*f447f37aSriastradh crypto_pwhash_memlimit_max());
463*f447f37aSriastradh assert(crypto_pwhash_argon2id_opslimit_interactive() ==
464*f447f37aSriastradh crypto_pwhash_opslimit_interactive());
465*f447f37aSriastradh assert(crypto_pwhash_argon2id_opslimit_moderate() ==
466*f447f37aSriastradh crypto_pwhash_opslimit_moderate());
467*f447f37aSriastradh assert(crypto_pwhash_argon2id_opslimit_sensitive() ==
468*f447f37aSriastradh crypto_pwhash_opslimit_sensitive());
469*f447f37aSriastradh assert(crypto_pwhash_argon2id_memlimit_interactive() ==
470*f447f37aSriastradh crypto_pwhash_memlimit_interactive());
471*f447f37aSriastradh assert(crypto_pwhash_argon2id_memlimit_moderate() ==
472*f447f37aSriastradh crypto_pwhash_memlimit_moderate());
473*f447f37aSriastradh assert(crypto_pwhash_argon2id_memlimit_sensitive() ==
474*f447f37aSriastradh crypto_pwhash_memlimit_sensitive());
475*f447f37aSriastradh assert(crypto_pwhash_alg_argon2id13() ==
476*f447f37aSriastradh crypto_pwhash_argon2id_alg_argon2id13());
477*f447f37aSriastradh assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13);
478*f447f37aSriastradh assert(crypto_pwhash_alg_argon2i13() != crypto_pwhash_alg_default());
479*f447f37aSriastradh assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13);
480*f447f37aSriastradh assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13());
481*f447f37aSriastradh assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_alg_default());
482*f447f37aSriastradh
483*f447f37aSriastradh assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
484*f447f37aSriastradh crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
485*f447f37aSriastradh crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
486*f447f37aSriastradh 0) == -1);
487*f447f37aSriastradh assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
488*f447f37aSriastradh crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
489*f447f37aSriastradh crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
490*f447f37aSriastradh crypto_pwhash_ALG_ARGON2I13) == -1);
491*f447f37aSriastradh assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
492*f447f37aSriastradh crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
493*f447f37aSriastradh crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
494*f447f37aSriastradh 0) == -1);
495*f447f37aSriastradh assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
496*f447f37aSriastradh crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE,
497*f447f37aSriastradh crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE,
498*f447f37aSriastradh crypto_pwhash_ALG_ARGON2ID13) == -1);
499*f447f37aSriastradh
500*f447f37aSriastradh printf("OK\n");
501*f447f37aSriastradh
502*f447f37aSriastradh return 0;
503*f447f37aSriastradh }
504